Now let’s work to eliminate the multiple certificate warnings we receive when accessing our Remote Desktops and RemoteApp programs. In this example I will make use of an enterprise certificate authority configured in my AD domain, of which my RD Session Host/Web Access server is a member.
Note that this process will only eliminate the warnings if my clients and RDS server are members of the AD domain since they will automatically trust the AD enterprise certificate authority. If you have non-domain clients that connect to your RDS server you’ll need to export and import your CA root certificate into the certificate store on these systems so the IIS and RDS certificates are trusted. Page 1 of the post Configuring Non-Domain Windows IIS Servers has details on how to do this.
Eliminate RD Web Access/IIS Certificate Warning
First if you have not done so in your environment already, Install an Enterprise Certificate Authority in Windows 2008 R2.
Next, Configure a Server Certificate for IIS/RD Web Access.
These two steps should take care of the warning we receive when we access the RD Web Access web site.
Eliminate RemoteApp Certificate Warning
Now let’s remove the first RemoteApp certificate warning. On the Session Host navigate to Start > Administrative Tools > Remote Desktop Services > RemoteApp Manager.
Under Overview click Change after the Digital Signature Settings heading.
Under the Digital Signature tab check the box for “Sign with a digital certificate”. Then click the Change button.
Select the certificate published from our enterprise CA. I’ll use the certificate I requested for my IIS/RD Web Access service. Be sure and choose the certificate issued by the CA and not the self signed certificate. Click OK.
Click OK back at the RemoteApp Deployment Settings box.
Once a certificate from a trusted certificate authority is configured, the RemoteApp session should pass through the authentication credentials entered on the RD Web Access page and the second log on to the Session Host will no longer be necessary. Yes!
Eliminate Remote Desktop Connection Certificate Warning
I have noticed that this step is not needed with Windows 7 domain member clients, but for good measure I wanted to make sure that all of my potential clients are cleared of certificate warning messages. On the Session Host go to Start > Admin Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
In the center pane under Connections double click the RDP-Tcp connection.
In the General tab under Certificate click the Select button.
Again I’ll use the certificate I published for the IIS/Web Access role. Click OK.
Back at the RDP-Tcp Properties box click OK. We should now be configured to access our RemoteApps without any more annoying certificate warnings!
No comments:
Post a Comment